aws-amplify · abhi7cr · Nov 12, 2024 · Nov 11, 2024 · Nov 11, 2024 · Nov 12, 2024
@@ -9,6 +9,7 @@ import { GroupType } from '@aws-sdk/client-cognito-identity-provider';
 import { IdentityProviderType } from '@aws-sdk/client-cognito-identity-provider';
 import { LambdaConfigType } from '@aws-sdk/client-cognito-identity-provider';
 import { ProviderDescription } from '@aws-sdk/client-cognito-identity-provider';
+import { ReferenceAuth } from '@aws-amplify/amplify-gen2-codegen/src/auth/source_builder';
 import { SoftwareTokenMfaConfigType } from '@aws-sdk/client-cognito-identity-provider';
 import { UserPoolClientType } from '@aws-sdk/client-cognito-identity-provider';
 import { UserPoolMfaType } from '@aws-sdk/client-cognito-identity-provider';
@@ -31,6 +32,8 @@ export interface AuthSynthesizerOptions {
     // (undocumented)
     mfaConfig?: UserPoolMfaType;
     // (undocumented)
+    referenceAuth?: ReferenceAuth;
+    // (undocumented)
     totpConfig?: SoftwareTokenMfaConfigType;
     // (undocumented)
     userPool: UserPoolType;
@@ -50,7 +53,7 @@ export interface AuthTriggerConnection {
 export type AuthTriggerConnectionSourceMap = Partial<Record<keyof LambdaConfigType, string>>;
 
 // @public (undocumented)
-export const getAuthDefinition: ({ userPool, identityPoolName, identityProviders, identityProvidersDetails, identityGroups, webClient, authTriggerConnections, guestLogin, mfaConfig, totpConfig, }: AuthSynthesizerOptions) => AuthDefinition;
+export const getAuthDefinition: ({ userPool, identityPoolName, identityProviders, identityProvidersDetails, identityGroups, webClient, authTriggerConnections, guestLogin, referenceAuth, mfaConfig, totpConfig, }: AuthSynthesizerOptions) => AuthDefinition;
 
 // (No @packageDocumentation comment for this package)
 

@@ -16,7 +16,7 @@ import {
   LoginOptions,
   Scope,
 } from '@aws-amplify/amplify-gen2-codegen';
-import { AttributeMappingRule } from '@aws-amplify/amplify-gen2-codegen/src/auth/source_builder';
+import { AttributeMappingRule, ReferenceAuth } from '@aws-amplify/amplify-gen2-codegen/src/auth/source_builder';
 import {
   LambdaConfigType,
   IdentityProviderTypeType,
@@ -46,6 +46,7 @@ export interface AuthSynthesizerOptions {
   identityGroups?: GroupType[];
   webClient?: UserPoolClientType;
   authTriggerConnections?: AuthTriggerConnectionSourceMap;
+  referenceAuth?: ReferenceAuth;
   guestLogin?: boolean;
   mfaConfig?: UserPoolMfaType;
   totpConfig?: SoftwareTokenMfaConfigType;
@@ -243,6 +244,7 @@ export const getAuthDefinition = ({
   webClient,
   authTriggerConnections,
   guestLogin,
+  referenceAuth,
   mfaConfig,
   totpConfig,
 }: AuthSynthesizerOptions): AuthDefinition => {
@@ -360,5 +362,6 @@ export const getAuthDefinition = ({
     oAuthFlows: webClient?.AllowedOAuthFlows,
     readAttributes: webClient?.ReadAttributes,
     writeAttributes: webClient?.WriteAttributes,
+    referenceAuth,
   };
 };
@@ -45,6 +45,8 @@ export interface AuthDefinition {
     // (undocumented)
     readAttributes?: string[];
     // (undocumented)
+    referenceAuth?: ReferenceAuth;
+    // (undocumented)
     standardUserAttributes?: StandardAttributes;
     // (undocumented)
     userPoolOverrides?: PolicyOverrides;
@@ -192,6 +194,16 @@ export type Permission = 'read' | 'write' | 'create' | 'delete';
 // @public (undocumented)
 export type PolicyOverrides = Partial<Record<PasswordPolicyPath | string, string | boolean | number | string[]>>;
 
+// @public (undocumented)
+export type ReferenceAuth = {
+    userPoolId?: string;
+    identityPoolId?: string;
+    authRoleArn?: string;
+    unauthRoleArn?: string;
+    userPoolClientId?: string;
+    groups?: Record<string, string>;
+};
+
 // @public (undocumented)
 export interface Renderer {
     // (undocumented)

@@ -6,6 +6,7 @@ import {
   AuthDefinition,
   AuthTriggerEvents,
   EmailOptions,
+  ReferenceAuth,
   renderAuthNode,
   UserPoolMfaConfig,
 } from './source_builder';
@@ -376,4 +377,80 @@ describe('render auth node', () => {
       assert.match(source, /defineAuth\(\{[\s\S]*attributeMapping:\s\{[\s\S]*fullname:\s"name"/);
     });
   });
+  describe('reference auth', () => {
+    it(`renders successfully for imported userpool`, () => {
+      const referenceAuthProps: ReferenceAuth = {
+        userPoolId: 'userPoolId',
+        userPoolClientId: 'userPoolClientId',
+        groups: {
+          Admin: 'AdminRoleARN',
+          ReadOnly: 'ReadOnlyRoleARN',
+        },
+      };
+      const authDefinition: AuthDefinition = {
+        referenceAuth: referenceAuthProps,
+      };
+      const node = renderAuthNode(authDefinition);
+      const source = printNodeArray(node);
+      assert.match(source, /referenceAuth/);
+      assert.match(source, /userPoolId: "userPoolId"/);
+      assert.match(source, /userPoolClientId: "userPoolClientId"/);
+      assert.match(source, /groups:/);
+      assert.match(source, /Admin: "AdminRoleARN"/);
+      assert.match(source, /ReadOnly: "ReadOnlyRoleARN"/);
+      assert.doesNotMatch(source, /identityPoolId: "identityPoolId"/);
+      assert.doesNotMatch(source, /authRoleArn: "authRoleArn"/);
+      assert.doesNotMatch(source, /unauthRoleArn: "unauthRoleArn"/);
+    });
+
+    it(`renders successfully for imported identity pool`, () => {
+      const referenceAuthProps: ReferenceAuth = {
+        identityPoolId: 'identityPoolId',
+        authRoleArn: 'authRoleArn',
+        unauthRoleArn: 'unauthRoleArn',
+      };
+      const authDefinition: AuthDefinition = {
+        referenceAuth: referenceAuthProps,
+      };
+      const node = renderAuthNode(authDefinition);
+      const source = printNodeArray(node);
+      assert.match(source, /referenceAuth/);
+      assert.match(source, /identityPoolId: "identityPoolId"/);
+      assert.match(source, /authRoleArn: "authRoleArn"/);
+      assert.match(source, /unauthRoleArn: "unauthRoleArn"/);
+      assert.doesNotMatch(source, /userPoolId: "userPoolId"/);
+      assert.doesNotMatch(source, /userPoolClientId: "userPoolClientId"/);
+      assert.doesNotMatch(source, /groups:/);
+      assert.doesNotMatch(source, /Admin: "AdminRoleARN"/);
+      assert.doesNotMatch(source, /ReadOnly: "ReadOnlyRoleARN"/);
+    });
+
+    it(`renders successfully for imported userpool and identity pool`, () => {
+      const referenceAuthProps: ReferenceAuth = {
+        userPoolId: 'userPoolId',
+        userPoolClientId: 'userPoolClientId',
+        identityPoolId: 'identityPoolId',
+        authRoleArn: 'authRoleArn',
+        unauthRoleArn: 'unauthRoleArn',
+        groups: {
+          Admin: 'AdminRoleARN',
+          ReadOnly: 'ReadOnlyRoleARN',
+        },
+      };
+      const authDefinition: AuthDefinition = {
+        referenceAuth: referenceAuthProps,
+      };
+      const node = renderAuthNode(authDefinition);
+      const source = printNodeArray(node);
+      assert.match(source, /referenceAuth/);
+      assert.match(source, /userPoolId: "userPoolId"/);
+      assert.match(source, /userPoolClientId: "userPoolClientId"/);
+      assert.match(source, /identityPoolId: "identityPoolId"/);
+      assert.match(source, /authRoleArn: "authRoleArn"/);
+      assert.match(source, /unauthRoleArn: "unauthRoleArn"/);
+      assert.match(source, /groups:/);
+      assert.match(source, /Admin: "AdminRoleARN"/);
+      assert.match(source, /ReadOnly: "ReadOnlyRoleARN"/);
+    });
+  });
 });
@@ -128,6 +128,15 @@ export type AuthTriggerEvents =
   | 'userMigration'
   | 'verifyAuthChallengeResponse';
 
+export type ReferenceAuth = {
+  userPoolId?: string;
+  identityPoolId?: string;
+  authRoleArn?: string;
+  unauthRoleArn?: string;
+  userPoolClientId?: string;
+  groups?: Record<string, string>;
+};
+
 export interface AuthDefinition {
   loginOptions?: LoginOptions;
   groups?: Group[];
@@ -141,6 +150,7 @@ export interface AuthDefinition {
   oAuthFlows?: string[];
   readAttributes?: string[];
   writeAttributes?: string[];
+  referenceAuth?: ReferenceAuth;
 }
 
 const factory = ts.factory;
@@ -462,6 +472,35 @@ const createUserAttributeAssignments = (
 
 export function renderAuthNode(definition: AuthDefinition): ts.NodeArray<ts.Node> {
   const namedImports: { [importedPackageName: string]: Set<string> } = { '@aws-amplify/backend': new Set() };
+  const refAuth = definition.referenceAuth;
+  if (refAuth) {
+    const referenceAuthProperties: Array<PropertyAssignment> = [];
+    namedImports['@aws-amplify/backend'].add('referenceAuth');
+    for (const [key, value] of Object.entries(refAuth)) {
+      if (value) {
+        referenceAuthProperties.push(
+          factory.createPropertyAssignment(
+            factory.createIdentifier(key),
+            typeof value === 'object'
+              ? factory.createObjectLiteralExpression(
+                  Object.entries(value).map(([_key, _value]) =>
+                    factory.createPropertyAssignment(factory.createIdentifier(_key), factory.createStringLiteral(_value)),
+                  ),
+                  true,
+                )
+              : factory.createStringLiteral(value),
+          ),
+        );
+      }
+    }
+    return renderResourceTsFile({
+      exportedVariableName: factory.createIdentifier('auth'),
+      functionCallParameter: factory.createObjectLiteralExpression(referenceAuthProperties, true),
+      additionalImportedBackendIdentifiers: namedImports,
+      backendFunctionConstruct: 'referenceAuth',
+    });
+  }
+
   namedImports['@aws-amplify/backend'].add('defineAuth');
   const defineAuthProperties: Array<PropertyAssignment> = [];
   const secretErrors: ts.Node[] = [];

@@ -9,7 +9,7 @@ import ts, {
   ImportDeclaration,
   VariableStatement,
 } from 'typescript';
-import { PolicyOverrides } from '../auth/source_builder.js';
+import { PolicyOverrides, ReferenceAuth } from '../auth/source_builder.js';
 import { BucketAccelerateStatus, BucketVersioningStatus } from '@aws-sdk/client-s3';
 import { AccessPatterns, ServerSideEncryptionConfiguration } from '../storage/source_builder.js';
 import assert from 'assert';
@@ -26,6 +26,7 @@ export interface BackendRenderParameters {
     oAuthFlows?: string[];
     readAttributes?: string[];
     writeAttributes?: string[];
+    referenceAuth?: ReferenceAuth;
   };
   storage?: {
     importFrom: string;
@@ -206,7 +207,7 @@ export class BackendSynthesizer {
       factory.createVariableDeclarationList([backendVariable], ts.NodeFlags.Const),
     );
 
-    if (renderArgs.auth?.userPoolOverrides) {
+    if (renderArgs.auth?.userPoolOverrides && !renderArgs?.auth?.referenceAuth) {
       const cfnUserPoolVariableStatement = this.createVariableStatement(
         this.createVariableDeclaration('cfnUserPool', 'auth.resources.cfnResources.cfnUserPool'),
       );
@@ -233,7 +234,7 @@ export class BackendSynthesizer {
       );
     }
 
-    if (renderArgs.auth?.guestLogin === false || renderArgs.auth?.identityPoolName) {
+    if (renderArgs.auth?.guestLogin === false || (renderArgs.auth?.identityPoolName && !renderArgs?.auth?.referenceAuth)) {
       const cfnIdentityPoolVariableStatement = this.createVariableStatement(
         this.createVariableDeclaration('cfnIdentityPool', 'auth.resources.cfnResources.cfnIdentityPool'),
       );
@@ -248,7 +249,10 @@ export class BackendSynthesizer {
       }
     }
 
-    if (renderArgs.auth?.oAuthFlows || renderArgs.auth?.readAttributes || renderArgs.auth?.writeAttributes) {
+    if (
+      (renderArgs.auth?.oAuthFlows || renderArgs.auth?.readAttributes || renderArgs.auth?.writeAttributes) &&
+      !renderArgs?.auth?.referenceAuth
+    ) {
       const cfnUserPoolClientVariableStatement = this.createVariableStatement(
         this.createVariableDeclaration('cfnUserPoolClient', 'auth.resources.cfnResources.cfnUserPoolClient'),
       );
@@ -274,7 +278,7 @@ export class BackendSynthesizer {
       }
     }
 
-    if (renderArgs.auth?.writeAttributes) {
+    if (renderArgs.auth?.writeAttributes && !renderArgs?.auth?.referenceAuth) {
       nodes.push(
         this.setPropertyValue(
           factory.createIdentifier('cfnUserPoolClient'),

@@ -31,6 +31,7 @@ import {
   SamlOptions,
   Scope,
   AttributeMappingRule,
+  ReferenceAuth,
 } from './auth/source_builder';
 import {
   StorageRenderParameters,
@@ -148,6 +149,7 @@ export const createGen2Renderer = ({
       oAuthFlows: auth?.oAuthFlows,
       readAttributes: auth?.readAttributes,
       writeAttributes: auth?.writeAttributes,
+      referenceAuth: auth?.referenceAuth,
     };
   }
 
@@ -228,4 +230,5 @@ export {
   Scope,
   AttributeMappingRule,
   ServerSideEncryptionConfiguration,
+  ReferenceAuth,
 };